Wireless Internet System and Method

ABSTRACT

A method, system, and apparatus, including a program encoded on computer-readable medium, for transmitting data to a server. A wireless communication connection is established between a first computing device and a second computing device. Data transmitted from the first computing device to the second computing device is received over the wireless communication connection and stored on the second computing device for uploading to a server on an IP based network. The wireless communication connection is disconnected. An IP communication connection is established between the second computing device and the server on the IP based network, and at least a portion of the stored data is transmitted from the second computing device to the server on the IP based network over the IP communication connection after the wireless communication connection between the first computing device and the second computing device is disconnected.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. patent applicationSer. No. 15/451,363 filed Mar. 6, 2017, which is a continuation of U.S.patent application Ser. No. 15/184,989 filed Jun. 16, 2016, now U.S.Pat. No. 9,609,553, which is a continuation of U.S. patent applicationSer. No. 14/667,669 filed Mar. 24, 2015, which is a continuation of U.S.patent application Ser. No. 13/987,881 filed Sep. 11, 2013, now U.S.Pat. No. 9,042,306, which is a continuation of U.S. patent applicationSer. No. 12/665,978 filed Dec. 22, 2009, now U.S. Pat. No. 8,559,369,which is a national stage entry of Patent Cooperation Treaty ApplicationNo. PCT/IL07/00244 filed Feb. 22, 2007, which claims priority to U.S.Provisional Application No. 60/794,135 filed on Apr. 24, 2006 and U.S.Provisional Application No. 60/775,321 filed on Feb. 22, 2006, all ofwhich are hereby incorporated by reference in their entirety.

TECHNICAL FIELD

The present invention relates to a wireless Internet system and method,and more particularly to such systems for providing wireless Internetconnection to roaming devices such as Portable computers, Laptops, PDAsand phones, and the deployment of such a system in a fast spreadingmanner (a viral-like method), in a client software-only manner such thatthe existing access points are not changed at all.

BACKGROUND ART

Currently, there is a growing number of WiFi public hot-spots (or AccessPoints—“AP”). These APs allow WiFi-enabled devices (which we refer to asSTA) that are in their coverage area to Connect to the internet.

Some of the APs are operated as a business, service, or as part of acommunity, either with or without a charge to the STA's owner. Other APsare placed by individuals in their premises, but are not “locked”, i.e.,they are “open”, allowing bypassing STAs to utilize them. Other APsplaced by individuals are “locked” (or “closed”), thus not allowingpassing STAs to utilize them.

As APs are being deployed in growing numbers, many individuals locktheir APs for fear of unfair use of their network resources, and due tosecurity concerns. For instance, there have been cases where a personplaces an open AP, and his neighbor uses this AP as its interneeconnection on a full-time basis without the consent of the first person,thus abusing and degrading the service of the first individual, in othercases, the neighbor hacked into the computer of the first person throughthe network. Thus, as time passes, most APs are either locked, or apayment is required to use them. Although the total number of APs andtheir area of coverage is growing fast, a larger percent of the APs arebecoming locked and inaccessible to roaming STAs.

A prior art approach for allowing roaming customers to access theInternet is taken by Fon (www.fon.com). It allows individuals todownload a new software into their APs, which makes their APs apay-for-use APs for STAs that roam in their vicinity, and in addition,they receive a username and password for free access to other APs whichare operated by Fon or utilize their software. It also allows users toenjoy part of some of the payments made by other users to use thenetwork. However, roaming STAs are forced either to find an open AP,find an AP for which they have an account, or pay for access in casethere is a pay-for AP.

It is an aim of the current disclosure to provide a system and a methodfor deployment of APs for the purpose of connecting STAs to theInternet.

Roaming customers that connect to an AP are often far from the AP andhave borderline reception conditions. As a result, the connectionquality is very poor, and the user may experience a slow service or noservice at all. It is another aim of the current disclosure to provide asystem and a method for improving the connection quality for roamingSTAs.

Another aspect of this invention refers to systems and methods for fasthandovers in wireless networks such as 802.11 networks, specifically inun-managed wireless networks, and more particularly such systems andmethods which allow extremely fast handovers in these networks withoutany changes to existing 802.11 base stations. The invention alsoconcerns efficient performance with regards to power consumption,coverage, security, installation, capacity and availability of wirelessnetworks such as 802.11.

The invention can achieve these goals without any change to the WiFiaccess point.

Currently, there is a growing number of WiFi public hot-spots (or AccessPoints—“AP”). These APs allow WiFi enabled devices (which we refer to asSTA) that are in their coverage area to connect to the internet.

Some of the APs are operated as a business, service, or as part of acommunity, either with or without a charge to the STA's owner. Other APsare placed by individuals in their premises, but are not “locked”, i.e.,they allow bypassing STAs to utilize them. The cumulative connectivityprovided by the APs is enormous and growing fast, thus, it is temptingto use this cumulative connectivity to compete with other wirelesstechnologies. For example, it would be tempting to have a STA that lookslike a cellular handset (i.e., a WiFi Handset, or WiFi Phone), where theWiFi handset uses the free connectivity to provide a “free” service thatcompetes with or complements the cellular service.

One of the major difficulties of achieving this vision is that thecoverage of a single WiFi AP is very small (about a few hundreds to afew thousands of square meters). When a user goes out of this area, hisconnectivity is lost. A natural naive approach to solve this problem isperforming a handover (sometimes also called handoff) to another AP witha better radio connection to the user. Another approach is to have ahandset which supports both WiFi and Cellular, and handover theconversation from WiFi to Cellular [See: WO 2004/036770], this way, WiFiextends the coverage of cellular, and conversation is handed over fromWiFi to cellular, when there is no WiFi coverage. However, the problemof performing handover between one WiFi AP to another WiFi AP remainswhen appropriate cellular coverage is not available (or there is nocooperation from the cellular company). The same idea applies whencellular is replaced by other access technology, such as satellitecommunications.

The concept of handover is taken from cellular networks. Handoversusually work well in managed networks, such as cellular networks,campuses, or office environment, where the entire network is usuallyowned by the same operator.

The network operator in many cases chooses to add cells where coverageor capacity are needed. In managed networks, the APs (or the cellularcells) are synchronized and communicate with each other through abackbone, and are usually controlled by some other network entity (e.g.,BSC—base station controller in cellular systems). For example, the APscan communicate with each other, for example using the IEEE 802.11Fprotocol—the Inter-AP protocol, which involves a RADIUS (RemoteAuthentication Dial In User Service, see RFC 2138, 2865, and 2866)server.

The APs can also employ a radio resource management such as IEEE802.11K, or fast roaming using IEEE 802.11R, etc. However, in unmanagednetworks, the APs can be deployed by many unrelated entities, such as byprivate individuals.

There is usually no entity that synchronizes the APs. The APs can bemanufactured by various manufacturers, use various security mechanismsetc. In unmanaged networks, the handovers are typically very slow, as inthe process of handover, it takes time for the STA to re-connect to theinternet in the new AP (and it must disconnect from the previous AP). Insuch a handover in an unmanaged network, the IP address often changes.Therefore, a mechanism such as mobile IP must be used (as describedlater). This mechanism is limited with respect to the frequency in whichthe IP address can change, and a large latency (disconnection time) mayresult during the handover process. During the latency, the STA cannotreceive any incoming messages.

A handover process is typically composed of the station STA connectingto a new AP, and disconnecting from the old AP. If STA is connected inparallel to both AP the handover is called soft-handover, and if STAfirst abandons the old AP and then connects to the new AP, the handoveris called a hard-handover. Soft handovers require the ability of STA tocommunicate in parallel with at least two APs.

The process of connecting to a new AP is usually composed of thefollowing steps:

1. STA performs a scanning process to discover neighboring APs.

2. STA chooses a new AP, and performs authentication with the AP, inwhich the AP verifies that STA is allowed to access the AP.

3. If the authentication is successful, STA performs an associationprocess, in which the AP acknowledges that STA is connected to it(association requires the AP to allocate resources to the STA, and the802.11 standard allows up to 2007 STAs to be associated with an AP).

4. Once STA is associated with the AP, the STA makes sure that it hasall the information that it requires to communicate over the internet,for example, it must have an IP address, and it must update servers thatgovern its location (such as Mobile IP, as discussed later). In somecases, the user should go through a second authentication procedure(usually with a RADIUS server). Many times, this procedure is performedover a web interface, which is called a Captive Portal.

When a captive portal is used by the AP, the user needs to surf into thecaptive portal and perform a log-in to connect his IP address to theInternet. In some implementations, the user's web browser is forwardedto the captive portal regardless of the internet site that it tries tosurf into. Some APs allow the STA to surf in some limited number ofinternet sites before they complete the second authentication procedure(for example, if the AP is in an hotel, it might allow surfing into thehotel's website, or affiliated news web sites).

The procedure at the captive portal typically includes authentication,payment, or agreeing to terms of usage. Once the authentication iscompleted, the IP address of the STA is connected to the Internet(usually by reconfiguring the firewall that controls the communicationsof the AP). Each sub-process takes time to complete, resulting in atotal delay of over several seconds to complete the entire process.

In managed networks, Step 4 can be performed once in a certain amount ortime (or for a certain area), as moving between APs of the managednetwork does not necessarily change the parameters of the STA such as IPaddress etc. However, in un-managed networks (and sometimes also inmanaged networks), the STA must gain a new IP address and otherparameters, usually through DHCP (Dynamic Host Configuration Protocol,see RFC 1541). Completing the DHCP protocol can take up to severalseconds. Sometimes, obtaining an IP is not enough, and a secondauthentication is needed. In other cases, a proxy server or a Socksserver should be set for the communication. The entire process canconsume a few seconds, which are intolerable in a streaming two-wayapplication such as a voice conversation.

Many protocols that are used in the Internet require that the IP addressof the STA would remain fixed during communications (for example,TCP—Transport Control Protocol, see RFC 793). However, a handover mightresult in the change of the IP address. This change of IP address causesa break in the communication as the communication needs to be restarted.

One solution to this problem is provided by the Mobile IP standard (seeRFC 2002): in this solution the STA updates a server with its current IPaddress, every time that the IP address changes. As a preparation forroaming, the server allocates to the STA (in addition to the STA'scurrent IP address) an IP address that remains fixed, even when the realIP address of the STA changes. This fixed IP address is also known as a“care of” address. From this moment on, the STA keeps the server postedof the real IP address of the STA, and the STA can use (in itscommunications with the rest of the Internet) the “care of” address (orits home address) as if it was its own fixed address.

Any IP data packet that is sent to the care-of IP address is tunneled bythe Mobile-IP server to the current IP address of the STA. For packetsoriginating from the STA to the Internet, the STA can tunnel the packetsto the Mobile-IP server, which replaces the IP address with the care-ofaddress. However, many times the STA can simply write its care-of IPaddress as the source address of the IP data packet, as many times, thesource address of IP packets is not checked what-so-ever in the courseof routing the IP data packet in the Internet.

The Mobile-IP solution can be applied as long as the handovers are notperformed too often. However, it incurs the punishment of routing allincoming packets through a server, causing both an increased travel timefor the data packets, as well as latency (or disconnection) for the timethat the real IP address changed, but the server is not informed yet. Ifthe round-trip-time of the packets between the STA and the server islonger than the time a STA stays with the same IP, this method fails, asby the time packets reach the reported location of the STA, the STA isalready in another location.

For many applications, such as voice, it is of utmost importance tominimize the time spent on the handover process. The time consumed bythe handover process is usually dominated by the scanning step (Step 1as mentioned above), and by Step 4 (specifically in case of an unmanagednetwork). There are many solutions that address fast handovers incellular networks, and a few solutions that address fast handovers inmanaged WiFi networks (for example, see: WO2004/054283, which reducesStep 1 (mentioned above) by selective scanning but requires modifyingthe AP). None of these solutions deal with the delay due to Step 4.

It is an object of this invention to provide very fast handovers even inunmanaged networks.

Another barrier for wireless applications is that WiFi coverage mightexists, and security policy might allow the STA to connect, but the APmight be out of resources (for example, there are 2007 associated STAs,and therefore it has no resources left, or that it has a limited IPaddress space which was already allocated through DHCP, and it has no IPaddress to allocate). It is an object of this invention to provide asystem and method that allows STAs to use the services of the AP evenwhen some of its resources are exhausted.

Another barrier for many wireless applications is the complexconfiguration of wireless parameters of STA, especially the securityparameters. A user that purchases a new STA and has an existing AP,might wish to configure his new STA to work with his AP. Thisconfiguration includes entering into the STA the encryption key andauthentication key that would allow it to use the AP. Existing solutionsrequire a change in the AP and STA, such that a special key can bepressed simultaneously at both ends to perform automatic configuration(like Buffalo INC's AirStation OneTouch Secure System—AOSS, orBroadcom's SecureEasySetup). Without such a solution, the user isusually forced to punch into his STA the security codes (which aretypically long). The problem worsens when the STA moves between APs thatuse different security settings.

It is an object of this invention to provide for easy configuration onboth levels: at the initial setup and while roaming.

Another barrier for many wireless applications is that WiFi coveragemight exist, but it is locked and unavailable for use for the STA. It isan object of this invention to provide a solution for (legally)accessing locked APs.

Another problem with WiFi is that the WiFi protocol is not optimized forlow battery consumption (compared to cellular protocols such as GSM). Incurrent solutions, if the STA moves between APs and changes its IP, itmust use mobile IP and inform an entity (server) in the network of itscurrent IP (we refer to this process as “location update”, as the STAupdates the network entity of its location). Frequent location updatesexhaust the STA's battery. Another problem with frequent locationupdates is that they create a heavy load on the network and on thenetwork entities that manage and keep track of the STA's location.

The situation in WiFi is very different from the situation in cellularnetworks in two ways. Both of the ways cause an increase in the numberof location updates in WiFi: First, in cellular network, the cells aretypically much larger than a “cell” that is created by a WiFi AP.Therefore, in cellular networks, there are fewer transitions betweencells, and hence less location updates. Second, cellular protocols allowdefining a “location area” that encompasses several cells, and the STAis required to perform location update only when moving between locationareas, and thus reducing the number of location updates. Current WiFiprotocols are not built to support location areas.

It is an object of this invention to provide a method that reduces thenumber of location updates required for STAs while moving between APs.

It is an object of the current invention to provide solutions to theabove mentioned problems, using both a centralized (server based)approach, and also by providing a method for performing the solutionsusing a distributed peer-to-peer network. Therefore, no huge servers andno large investments are required.

DISCLOSURE OF INVENTION

The invention is described by way of example, but it should be obviousto persons skilled in the art that many variations thereof may beimplemented.

A novel aspect of the invention relating to the deployment of APs isthat devices function at the same time as STAs and as APs. This allows aSTA to also create a new AP for connecting other STAs to the Internettherethrough. It is known in the art that a STA wireless card canoperate in one of two modes, STA or AP. The present inventor has found away to activate a device simultaneously in both modes.

According to another novel aspect, a connecting STA can limit the set ofInternet addresses or Internet sites that other STAs which connectthrough it can access, but the set of allowed addresses includes aspecial web site from which other STAs can download the Vagabee™software, Vagabee software includes the functionality of the software ofthe first STA, to open new APs and further spread the Vagabee.

Once the new STAs download and execute the Vagabee software, the firstSTA detects that the software is running on the new STAs, and allowsthem a wider access to the internet. Therefore, new STAs must downloadand run the Vagabee software to get wide access to the internet. As thenew STAs run Vagabee, they become APs in their own right and allow otherSTAs to download and connect through them to the internet in the currentlocation of these STAs, as well as in any other location they go.

Another novel method of the present invention allows a STA to connectthrough two or more APs simultaneously. Thus, a STA can enjoy a morestable connection even if part of the connections are of borderlinequality. Furthermore, more connections may achieve a broader connectionto the Internet, or may balance its traffic such that each STA carry alighter burden with regards to the extra bandwidth they carry due to anew STA.

Multiple connections also allow faster handovers, as if a STA is movingfrom one place to the other it can first establish a new connection andthen the old connection is terminated, practically leaving the STAconnected.

In a further development of the novel method, a laptop (the terms STAand laptops are interchangeable, we use laptop rather than STA as in thepreferred embodiment these cases the STA would be a laptop) can connectwith another laptop directly or through a STA, such that both enjoy theInternet connection of the other. As the internet connection is not usedall the time (typical laptop uses on average a few percents of itsmaximum bandwidth), both laptops will experience a much fasterconnection to the Internet.

Another important issue is the security of the system. A Laptop mightagree to act as an APs, but it does not agree to allow other STAs toaccess its inner network (i.e., the laptop owner wishes to allows theseSTAs to access the internet through its private network but does notallow them to access computers on its private network. Another securityconcern is that the new STAs may desire to prevent the first STA fromtapping into their Communications, i.e., they do not want the first STAto be able to tap into communications that the first STA relays. Thecurrent disclosure provides novel method to deal with these twoproblems.

First, external STAs (new STAs) are not allowed access to computers inthe inner network by having the first STA drop data packets from theexternal STAs that are designated to local IP addresses on the innernetwork. Second, a new STA's privacy is protected by tunneling itssensitive traffic to a trusted network site, and the new site accessesthe Internet through his tunnel to the trusted network site which actsas a proxy for it.

An important issue is to prevent STAs from using other laptops for theirprimary network connection for a long period of time. A novel methoddetects that a STA is connected to the Internet through the same laptopfor a long period of time, and disconnects the STA. Alternatively, theSTA has to pay to continue and use the network. The pricing can be suchas to encourage the STA's user to purchase his own connection from anindependent Internet Service Provider (ISP).

In yet another novel method, the software running on a laptop canreplace the commercial banners that appear in the web pages the laptopsurfs into, as well as the web pages that connected STAs surf into. Thebanners can be stopped, replaced, and made specially targeted to theuser, for example based on his location.

A further novel method is that the wireless internet coverage that isobtained using laptops can be used by devices such as wireless IP phonesto make phone calls using the wireless internet coverage, cellularphones that have built-in WiFi connection, or digital cameras with WiFithat wish to upload the data stored in them. Other devices might includefor example, radio or TV broadcast capabilities.

For example, Digital cameras might be equipped with WiFi. The owner ofsuch a camera would like to upload his pictures from the camera to aserver that stores the pictures on the Internet—the reasons for this mayvary from being able to share the photos while on vacation with familymembers left at home, backup the pictures from the digital camera to theInternet server, or simply because the memory card on the camera isrunning out of space. A major problem is that to upload the pictures tothe Internet may take a very long time, as pictures consume megabytes tostore. In the novel method, the camera can send the photos to the laptopover WiFi (this connection is very fast), then disconnect and move on.Then, the laptop uploads the pictures to the Internet server (thisprocess can take a long time as it involves uploading a lot of data),but the laptop owner would not feel it as a burden, since the picturescan be uploaded when his Internet connection is not used for otherpurposes.

Improvements to this method may include: The camera can encrypt thepictures so that the laptop owner cannot see them. The pictures can bestill stored in the camera after being uploaded to the laptop, as thelaptop might fail to upload them. The next time the camera connects tothe Internet, it can check with the Internet server that the picturesarrived correctly to the server. If that is so, the pictures may beerased from the camera. Otherwise, the camera can re-transmit thepictures.

To have faster uploads, the camera can upload the pictures to severallaptops that would upload the picture to the server.

Another novel method relates to configuring STAs to connect to awireless network. The configuration., and especially the securityconfiguration of STAs to connect to a wireless Internet connection suchas Win is cumbersome and annoying to most users. Assume a STA belongs tothe same user (or user group) of the owner of a laptop. Then, by aspecial logging into a website, the configuration of the laptop can becopied to the STA, thus configuring it to use the AP (i.e., allowing aconnection without the laptop).

Another novel method allows devices with a trusted hardware to receiveinformation that instructs them how to directly connect to AP, byproviding them with the needed settings and security information.

One of the novel aspects of a very fast handover is to practically“almost complete” the process of the handover before it even started,possibly with the assistance of another STA that is already in the newAP's coverage (further details are described later).

Another novel aspect is that the same MAC address and IP address canactually be used by more than one STA. The differentiation between theSTAs can be performed by using higher protocol identification, such asdifferent port numbers (for example TCP ports), as detailed later.

It is useful for a station STA to know the identity of the adjacent APsthat the STA might hand over to. The identity of an AP can beestablished in several ways, as disclosed herein. The SSID (Service SetID) of the AP is usually broadcasted by the AP using periodicaltransmissions known as beacon. However, two adjacent AP may have thesame SSID. In such a case, the MAC address of each AP is different, andAPs can be differentiated based on their MAC address (which serves as aglobally unique identification parameter). Some APs do not transmitbeacon, and only respond when they are addressed using their SSID. Inthis case, a priory-knowledge is needed, see below,

Another aspect of the invention is for a STA to selectively scan for aneighboring AP in the following novel way. Assume that a STA scans tosee if it can receive the beacon of a second AP, where the scanning willbe performed exactly when the second AP is expected to transmit itsbeacon, therefore, the disconnection from the first AP will be minimal.The novel method consists of scanning and storing (in network entities)information about the relative time between adjacent APs, and theirrelative clock drift. This information is retrieved at the appropriatetime such that the STA knows to wait for the beacon just before it istransmitted.

Another aspect of the invention is to prevent exhaustion of resources atthe APs. GN keeps a pool of MAC addresses with associated IP address.Just before a STA enters the AP, GN sends it a MAC address and an IFaddress that are already associated with the AP. Therefore, the STA canconnect even if the AP has no resources left for new STAs.

Another novel aspect of the invention is to save Battery Power andreduce network load by reducing the number of Location Updates in WiFi.A location update is the process in which a STA informs an entity in thenetwork on its current location (the notification can take many forms,including opening a TCP connection, or sending UDP packets). In priorart for 802.11 networks, a location update is required whenever the IPaddress of the STA changes (for example, when moving between APs ofdifferent subnets)—even if the STA is idle (not transmitting orreceiving data). The novel method allows to define a location area forWiFi, such that an idle STA needs to perform location update only whenit moves between APs that belong to different location areas, but doesnot need to perform location update when it moves between APs of thesame location area, even if its IP address changes. See further detailslater.

A pseudo-beacon is another aspect of the invention which allows reducingthe number of Location Updates. It is a message that GN can periodicallytransmit in each AP. While some APs might permit a remote node totransmit a message in the AP, other APs might not allow it. In the novelmethod, a certain MAC address, IP address, and possibly a port number,are allocated in each AP for the purpose of pseudo-beacon transmission.Further details are described later.

Configuring the security in new STAs to work with an existing AP mightbe a tedious job, as the security (authentication/encryption) code mightbe very long as known in the art, and the user might need to punch itinto the STA. A novel solution for easy configuration is disclosed.Unlike previous solutions, the novel method does not require changingthe existing AP of the customer. In one embodiment, software is run on apersonal computer of the user (that is already configured to access theWiFi). Then, the software establishes a secure channel with the STA, andcopies the security information from the personal computer to the STA.In this way, the STA learns the security parameters. An authenticationphase in which the STA is authenticated by the software or a remoteserver can be added before copying the security information.

In another embodiment, the customer first connects the STA by wire toits network (or alternatively, the STA first connects using a connectionit establishes through an already connected device, such as a personalcomputer or laptop).

As the STA can receive and transmit signals on the wireless network andit is connected to the internet (through the other connection) at thesame time, it tries to locate the web configuration of the AP on thewired network (most APs have a web interface). In most cases, it is aneasy job for the STA, as either the STA can locate the AP as it is thedefault gateway of the wired network, or it can try to find its IP byperforming RARP (Reverse Address Resolution Protocol) using the wirelessMAC address of the AP (which it can see off-the-air). Further detailsare described later.

Another novel method for gaining access to locked networks is disclosed.While performing the above described easy setup (or at any other time),the user is prompted, if he wishes, to join a swapping service. Theswapping service allows the user to gain access to many locked networks(the locked networks of the other users that joined the swappingservice), in return he allows users to use his network for the purposeof connecting to the Internet. If the user agrees, the access parametersto his network (encryption key, MAC address, default gateway, etc.) aresecurely stored in the network (for example in GN, and a backup server).The security information will be securely sent directly into thehardware of other STAs, when they need to connect using his AP. Furtherdetails are described later.

Another novel aspect of the invention takes advantage of the fact thatthe wireless network is local in nature, as the APs are geographicallyadjacent. As a result, the methods that are disclosed can be implementedby many small devices on the Internet, each responsible for a geographicarea. The devices form a peer-to-peer network that implement themethods, without the need to rely heavily on large servers.

Another novel aspect of the invention is to have a STA which has acapability of communicating in two or more channels in parallel. Thiscapability can enable a STA to be connected to two APs in parallelwithout the need to implement sophisticated mechanisms that actuallysimulate this situation. Thus, a STA can connect with future APs whilemaintaining a connection through its serving APs. Being connected to twoAPs simultaneously allows greater bandwidth by utilizing two connectionsinstead of one, and soft-handovers, i.e., the STA stays connectedthrough one AP, while disconnecting from the second AP in the process ofhandover.

The new system and method refers, among others, to the followinginnovative features:

1. A viral-like fast spread method for the Vagabee™ software:

at the network level

at the already connected PC

at a connecting PC, already having the Vagabee software

at a connecting PC, not yet having the Vagabee software

details of the software package being loaded on a new computer:functions, operation, how installs, how spreads further away to otherPCs.

2. Detail the viral spread method:

use of existing standards; “as is” or with modifications

method of reporting to user and getting a user's approval

interaction with firewall and antivirus programs in the PC

3. Vagabee in use, with flow charts:

manage communications with presently connected PCs

add new PC

remove a PC. Recover chain, reestablish communications when intermediaryPC disconnects

resolve conflicts where there are several Vagabee systems in one area.

Method of operation, so the networks will not interfere with each other,rather they may assist each other and maybe provide backup functions.

Knowing the identity of adjacent APs and the location of STAs.

handoff to another local Vagabee network

4. Vagabee in use, system design:

workload on the various PCs in the chain (the workload increases as onemoves closer to the AP, the Internet connection)

overhead, signaling and control, traffic control. Define signals, methodof operation

permission to access more sites on the Internet after a new PC downloadsand activates Vagabee—how implemented.

reliability issues

5. System design for various configurations

The basic assumptions greatly affect the performance of the networksystems which may be formed:

a PC connects to only one additional PC

a PC may connect to one or two additional PCs

a PC may connect to more than two additional PCs

6. Bandwidth control

Bandwidth request and allocation. For the various PCs in the chain.

Methods for improved channel use. Flow is implemented.

7. Privacy issues—how the inner/outer areas are implemented.

Protection from viruses and eavesdropping, passwords protection, etc.

Damage control, Recovery from a virus attack,

This is a vital aspect of the new technology.

8. User control and supervision

the user of a PC decides whether to install Vagabee

the user of a PC decides whether to allow additional users to connect,with what parameters (bandwidth allocation, etc.)

incentives for a user to allow his computer to connect others,

the user allows or forbids additional users, according tocircumstances—how important his present activity is, what is the qualityand bandwidth allocated to that user (how much spare bandwidth there is)

9. Details of implementation—software

New software

Modified existing software

Method of use of existing software, standards

10. Functions, benefits to users—detail methods to implement them

free internet connection

enhanced bandwidth, reliability

provide additional services—locate gas stations, Pizza Hut, restaurants.

BRIEF DESCRIPTION OF DRAWINGS

FIGS. 1 and 2 illustrate a wireless system for connecting mobile devicesto the Internet through an access point

FIG. 3 illustrates an expanded wireless system for connecting mobiledevices to the internet through more than one access point

FIG. 4 details a method for fast spreading the Vagabee software byproviding free wireless access to the Internet.

FIG. 5 details the dual mode connectivity of a STA also functioning asan AP with the Vagabee method and software

FIGS. 6A to 6F detail stages in a wireless network evolvement andspreading of the Vagabee software

FIG. 7 details a method addressing control and security aspects of theVagabee spreading method

FIG. 8 details a method addressing coordination and control aspects ofthe Vagabee spreading method for the first, connecting STA

FIG. 9 details multi-AP, fast configuration setting and handover aspectsof the Vagabee spreading method for the second, to be connected STA

FIG. 10 details multi-AP, fast secure configuration setting andredirection aspects of the Vagabee spreading method for the first,connecting STA

FIG. 11 details multi-AP and fast configuration setting aspects of theVagabee spreading method for the second, to be connected STA

FIG. 12 illustrates a system including mobile stations (STAs) and theirAccess Points (APs), with one STA moving from the coverage of one AP tothe coverage of another

FIG. 13 illustrates a wireless system facilitating handover andincluding a STA, a Governing Node (GN) and another user, TerminationNode (TN)

FIG. 14 details the handover method

FIG. 15 details a method for implementing two connections with a STA.

FIG. 16 details a method for connecting other STAs

FIG. 17 details another method for connecting other STAs

FIG. 18 details a method for configuring other STAs to directly connectto the AP

FIG. 19 details another method for configuring other STAs to directlyconnect to the AP

FIG. 20 details yet another method for configuring other STAs todirectly connect to the AP

BEST MODE FOR CARRYING OUT THE INVENTION

A preferred embodiment of the present invention will now be described byway of example and with reference to the accompanying drawings.

Dual Use Laptop Simultaneously Connected to the Internet and Serving asAP

FIGS. 1 and 2 illustrate a wireless system for connecting mobile devicesto the Internet through an access point. It may use a novel method forperforming the deployment of APs, i.e., the method that allows devicesto function at the same time as STAs and as APs. For example, a laptop11 is connected to the Internet through access point AP 10, and at thesame time, laptop 11 shares its connection for other STAs by operatingas an AP. Thus, other STAs 12 and 13 look at laptop 11 as an AP, and canconnect through it to the Internet.

When laptop 11 is connected to AP 10 through a wired connection, it cansimply set its wireless connection as an AP (Infrastructure mode).However, when laptop 11 is connected to AP 10 through a wirelessconnection, the situation is more complex. Disclosed is a novel methodin which laptop 11 can be connected to AP 10 and serve as an AP usingonly a single wireless network card. Laptop 11 connects to AP 10 justlike any other STA, and at the same time runs the protocol stack of anAP.

Laptop 11 uses the same channel as AP 10, and transmits a beacon messagesuch that the beacon of AP 10 and the beacon of laptop 11 are expectednot to collide in time. Laptop 11 derives and updates its internal clockfrom AP 10, but adds a constant delay (to make his beacon appear with adelay after AP 10).

In another embodiment, laptop 11 does not add a delay to the time of AP10, but sets the beacon period to a value, such that the greatest commondenominator (GCD) between its beacon period and the beacon period of AP10 is the smallest that is possible. Such a choice of beacon periodensures minimal collisions between the beacons.

In the preferred embodiment, laptop 11 will run a Network AddressTranslation (NAT) and a DHCP server as part of his protocol stack.Running DHCP enables laptop 11 to provide an Internet address to STAsthat connect to it. Running a NAT allows laptop 11 to connect other STAsthrough it, while keeping conformance with regards to AP 10-To AP 10 allthe communication appears to be originating form laptop 11.

The software package 31 may be contained in the laptop 11, or in thelaptop 11 and the STA 12, for example.

Viral Spreading

Many networks suffer from the network effect in their infancy, in whichthe first users have no incentive to join the network. However, thenetwork is of great value once many users are in the network.

The following method and system attracts the first users, and provide anincreasing value as the network grows. The first very few laptops withthe software are installed and deployed in key areas by the networkinitiator. The software running on the laptop 11 has functionality 31 asfollows (explained through an example):

Laptop 11 acts as an AP and allows other STAs to connect to it. Tofurther lure STAs, the SSID (Service Set Identification—this is the nameof the network that users see when looking for an available network) canbe set to “Free Internet” or another name that will attract roaminglaptop users to log-into it while searching for wireless networks.

Assume a user using a laptop called STA 12 connects as described above.Once STA 12 is connected to the laptop 11 (laptop 11 serves as an AP),no matter which web site the user tries to enter, the software 31 onlaptop 1.1 forwards the connection to a special web site 30. The website 30 informs the user (STA 12) that, in order to use the freeconnection, it must install a software with functionality 31. The dealis that the user is allowed the free access at this location, but it isrequested to share his own connection when he has one at his disposal.The user then downloads and installs the software with functionality 31(See FIG. 1.B which shows software with functionality 31 running on STA12. Once laptop 11 identifies that STA 12 has functionality 31 running,it allows it a wider access to the internet (or a full access to thepublic Internet).

Thus STA 12, which originally did not have functionality 31 running, butits user wished to connect to the internet, ended up with functionality31 installed and running on STA 12, and the user received a workinginternet connection. When the user moves STA 12 to another area in whichit connects directly to an AP (which might be locked), it shares itsconnection with other STAs, which are also motivated to installfunctionality 31. Thus, functionality 31 can spread quickly among STAs,and the total area that is served grows larger, where each additionalSTA spreads the network further.

Laptop 11 together with its software might need to use two differentsecurity parameters at the same time—one towards AP 10 (which might belocked), and open security towards other laptops—so they can connectwith no security settings. Once functionality 31 is running, it canestablish a secure connection with laptop 11 as a secure layer on top ofthe fundamental insecure wireless.

Connection Through Multiple Access Points

Another novel method of the present disclosure allows STA 14 to connectsimultaneously through two or more APs, see FIG. 3. For example, STA 14connects through both laptop 11 and laptop 21 to the internet. Thus, STA14 can enjoy a more stable connection even if both connections (throughlaptop 11 and 21) are in borderline quality. Furthermore, even in casethe connections are not in borderline quality, they can be used toprovide STA 14 a broader connection to the internet, or balance histraffic such that laptop 11 and laptop 21 carry a lighter burden perlaptop with regards to the extra bandwidth they carry due to STA 14.

Multiple connections also allow handovers. When a STA is moving from oneplace to another, it can first establish a new connection and then theold connection is terminated, practically leaving the STA connected.

When laptop 11 and laptop 21 use the same WiFi channel, STA 14 connectsto both laptops by creating two protocol stacks on the MAC (Media AccessControl) layer. When laptop 11 and laptop 21 operate on differentchannels, STA 14 agrees with laptop 11 and laptop 21 on period of timesin which laptop 11 sends packets to STA 14, and periods of time in whichlaptop 21 sends packets to STA 14. STA 14 makes sure that these periodsof times do not overlap, thus, STA 14 sets the channel according to theperiod, such that it listens on the channel of the laptop that mighttransmit to it. If the laptop has packets pending for STA 14 it queuesthem for transmission in the transmission period.

In order to have a faster connection through the two (or more)connections, STA 14 downloads/uploads some of the information throughone connection, and the rest through the other connection. For example,when downloading a web page, STA 14 can download the text through oneconnection, and download the images through the other connection.

In another embodiment a remote site 50 with a fast Internet connectionacts as a proxy of STA 14. Incoming and outgoing packets are forwardedbetween STA 14 and remote site 50. The packets are sent usingerror-correction codes that allow reconstructing the data even if somepackets are lost on one connection, but some packets reach thedestination using the other connections. The role of remote site 50 canbe assumed by a service provider, by computer with a software that theuser installs in his premise, or by another user with high bandwidth.

When the STA moves from one location to another, new connections arebeing established, while other connections are being disconnected.However, as long as there is at least one active connection, the STAwill stay connected to the Internet continuously and seamlessly.

Sharing Internet Connection Between Laptops

When laptops 21 and 11 are within radio (wireless) contact (or throughthe mitigation of other STAs), each laptop can treat the other asanother connection at his disposal. Thus, the maximum data rateavailable for each laptop can be significantly extended, much like thecase with a STA connected to two laptops.

FIG. 4 details a method for fast spreading the Vagabee software byproviding free wireless access to the Internet. The method includes:

a. First STA transmits “AP available” WIFI info 41

b. Info is presented to Guest 42

c. Guest chooses our AP? 43

d. Allow limited access to Guest including our Web site 44

e. Guest agrees to use our service? 45

f. Download connectivity software to Guest and activate it 46

g. Connect Guest to Internet and allow wider access 47

h. Guest transmits “AP available” info and further spreads our service48

** End of method **

Note: It is not mandatory to perform all the above stages. The moreimportant steps are 4547 or any similar implementation.

FIG. 5 details the dual mode connectivity of a STA also functioning asan AP with the Vagabee method and software. The method includes:

a. First STA associates with an AP as a regular STA 411

b. First STA activates “AP” protocol stack with open security 412

c. Guest chooses our AP? 42

d Address translation to connect Guest to our Website 445

** End of method **

The above method has been implemented by the present inventor on acommunication device using the Intel 2200 chipset, just as an example toshow that it can be done. The present inventive approach and method maybe used towards similar implementations with other communicationdevices.

FIGS. 6A to 6F detail stages in a wireless network evolvement andspreading of the Vagabee software, including:

FIG. 6A: There is a Laptop 11 connected to the internet by wirelessthrough the access point AP 10.

FIG. 6B: The Laptop 11 also functions as AP using the Vagabee software,thus allowing free access for STA 12 through Laptop 11.

FIG. 6C: STA 12 joined the Vagabee group, created a new AP to alsoconnect Laptop 121. A long chain can thus be formed.

FIG. 6D: each AP can connect several new devices, as illustrated herewith Laptop 122.

FIG. 6E: a multi-AP network may be configured, with a plurality ofdevices being connected through both AP 10 and AP 20. A device such asLaptop 122 can be simultaneously connected through more than one AP tothe internet.

FIG. 6F: As the initiated device Laptop 124 moves to another locationand connects to AP 24 (maybe it has a license or privileged accessthere, while Latop 125 and STA 126 cannot connect directly to AP 24 dueto distance or lack of security parameters), the Vagabee software indevice 124 opens a free AP at that location, now being utilized byLaptop 125 and STA 126 to connect to the internet. At a separatelocation. AP 10 may still operate and connect STA 12, Laptop 121 etc.

Security

Another important issue is the security of the system. Consider asituation (shown in FIG. 2) in which laptop 11 agrees to act as an APs,but it does not agree to allow STA 13 and STA 14 to access his innernetwork (i.e., it allows STA 13 and STA 14 to access the internetthrough his network but does not allow them to access computers in hisnetwork. For example, a private server 40 should not be accessible tothem). On the other hand, STA 13 wishes to use laptop's 11 network, butmight not wish laptop 11 to be able to tap into the data that STA 13exchanges with Internet servers. The current disclosure addresses thesetwo problems using a novel method. First, external STAs are not allowedto access to the inner network by not allowing them to access to localIP addresses. Second, STA 13's privacy is protected by tunneling itssensitive traffic to a trusted network site 50, and STA 13 accesses theinternet through its tunnel to the trusted network site 50, which actsas a proxy of STA 13.

To prevent STAs from accessing the inner network, laptop 11 blocks alltraffic from the guest STAs to internal addresses (i.e., addresses thatappear only in local networks and not in the public internet, such as192.168.*.*, or 10.*.*.*, and 172.16.0.0-172.31.255.255). Anothermethod, which can be applied independently, is to allow the connectionif it is at least x hops into the Internet, where x is the maximumnumber of hops in the local network (which can be discovered byperforming a traceroute command). Another method is to allow access toaddresses which have an IP address with a different prefix, as internalnetworks typically have the same prefix on the IP address.

In another method, laptop 11 allow only packets to and from knownservers such as trusted server 50 (i.e., white listing the allowedaddresses).

To protect the privacy of STA while it is surfing, its traffic can betunneled to a trusted network site 50, which acts as its proxy. Thenetwork site can be replaced by simply tunneling the connection toanother node in the network, and switching the network node once in awhile. The access to the remote nodes is made without identifying theSTA, but only proving that it belongs to the group of STAs, thus, itsprivacy is preserved. The frequent switching of remote nodes eliminatesthe possibility that a remote node can gather a significant amount ofprivate information from peeking into the communication. The list ofavailable remote nodes can be kept by a directory service, which can bedistributed in a peer-to-peer fashion.

in another embodiment, the remote node is a trusted computer installedby the user. Such a configuration has the added benefit that the usercan access internal nodes in his own private network, effectively havinga Virtual Private Network (VPN) with his home network.

FIG. 7 details control and security aspects of the Vagabee spreadingmethod including:

a. First STA transmits “AP available” WIFI info 41

b. Info is presented to Guest 42

c. Guest has Vagabee software? 425

d. Guest agrees to use our service? 45

e. Download connectivity software to Guest and activate it 46

f. Connect Guest to Internet and allow wider access, excluding privateservers/sites 472

g. Guest transmits “AP available” info and further spreads our service48

h. Guest uses encryption and secure website to preserve privacy fromconnecting STA 481

i. Establish best route for all STAs 482 adaptive to changes in network.

Load balancing.

Connections thru multiple routes.

j. Connection time>Ts? 483

k. Disconnect/change connection 485

*** End of method ***

Note: Not all the steps above are mandatory; a method may implement onlypart of the steps in the above method.

Maintaining Fairness

It is desirable to avoid an unfair situation in which one user exploitsthe network by continuously using a connection without ever sharing aconnection. If many users follow these lines, the network experiencewill degrade as there will be only a small number of laptops connecteddirectly to APs. A novel mechanism detects that a STA is connected tothe Internet by noting that the same STA (using the same laptop)connects from the same small area (or through the same AP) for a longperiod of time (i.e., beyond a threshold). For example, this thresholdcan be set to two weeks. Once a STA passes the threshold, thefunctionality 31 notes the user that the threshold is reached.

The user is then required to move to another area or pay a small fee tocontinue and access the AP.

Functionality 31 may note the user when the threshold is beingapproached, even before it actually reaches it. It can then give apre-warning to the user.

The laptop is identified through his account information, through theMAC address of his network card, and other machine-specific information,such as the serial number of the hard-disk.

FIG. 8 details coordination and control aspects of the Vagabee spreadingmethod for the first, connecting STA, including:

a. First STA connects to AP in “AP” mode 412

b. Set wireless connection as “Ad-Hoc” using the same channel as the AP413

c. Transmit beacon message at a delay after AP or set beacon period soas to minimize collisions 415

d. Act as AP for additional STAs, while preventing them access to itsinner network 416

e. Replace commercial banners for own site and also for STAs connectedto this STA 417

f. Security Option: Allow connection of connected STAs only if it is atleast X hops into the Internet 418

g. Maintaining fairness: demand a connected STA to disconnect or move orpay after a predefined time 419

** End of method **

FIG. 9 details multi-AP, fast configuration setting and handover aspectsof the Vagabee spreading method for the second, to be connected STA,including:

a. Connect through a first AP 481

b. Activate Vagabee to provide AP service to other STAs 482

c. Search for additional paths to 483 establish multiple simultaneousconnections thru multiple APs

d. Copy configuration of connecting STA, 484 to gain direct access tothe initial AP, or receive connecting instructions for STAs with trustedhardware

e. Preserve privacy using tunneling 485 to a trusted network site forsensitive traffic

f. Perform handover whenever necessary 486

g. When moving to a new location: 487 establishing a connection withavailable AP, Activate Vagabee to provide AP service to other STAs

h. Maintaining fairness: demand a connected STA 419 to disconnect ormove or pay after a predefined time

i. Control over advertisements (optional)

*** End of method **

In a novel method hereby disclosed, the functionality 31 can scan theweb pages that pass through it and block or replace the advertisementson the page depending on various data such as the user name, the userlocation, etc. The advertisements can be performed in collaboration withthe web site that is being surfed into, or without.

Note: the functionality (or software module) 31 is an important part ofthe present method, a minimum requirement to allow Xiopea™ spreading.Moreover, module 31 need not include all the possible things that thisfunctionality can include, rather just the bare minimum directed towardallowing a connection to a STA in return to supporting the spreading ofthe this software.

The site 30 can instruct functionality 31 as to which advertisementsshould be removed or changed, and which advertisements should be placed.New advertisements can also be added in places that there were noadvertisements to begin with.

The software 31 running on laptop 11 can replace the commercial bannersthat appear in the web pages that laptop 11 surfs into, as well as theweb pages that STA 13 surfs into. The banners can be stopped, replaced,and made specially targeted to the user, for example based on hislocation.

Configuration of Wireless Networks

An annoying task associated with wireless networks is the configurationof a STA to work with a network. The security settings are especiallyannoying, and currently, many people avoid securing their network due tothe cumbersome setting procedure.

A novel method is disclosed to perform easy configuration of a wirelesssettings. The method is composed of two parts, the first is establishingthe settings for the first device, and the second part is establishingthe settings for the rest of the devices. First part: Assume a user onlaptop 11 is connected to his wireless AP 10. If AP 10 is not set to useencryption, the user can ask (or be offered) to secure his network.Functionality 31 automatically accesses the interface of AP 10 andconfigures it with security settings. Laptop 11 is also set with thesecurity settings. The settings are also stored in an account in website 30, for future use. Site 30 can also provide functionality 31 withthe information on how to set the security setting on the specific modelof AP 10.

Second part: When the user uses another device STA 12, he connects tothe network through functionality 31 on laptop 11, which redirects himto web site 30. On the site, he can log-in using his account details.Web site 30, through functionality 31 which is running on laptop 11,discovers that the two devices (laptop 11 and STA 12) are both connectedthrough AP 10, and both belong to the same user account. As a result,web site 30 offers the user to reconfigure STA 12 to work directly withAP 10. The user is advised to download functionality 31 to STA 12, andrun it. Once functionality 31 is running on STA 12, it configures STA 12with the settings of the network (which are retrieved from web site 30,or directly from :laptop 11).

FIG. 10 details multi-AP, fast secure configuration setting andredirection aspects of the Vagabee spreading method for the first,connecting STA, including:

a. First STA connects to AP in “AP” mode 412

b. Establish settings for first STA: 511 configure AP with securesettings, set STA with secure settings.

Store settings in web site.

c. Redirect a connecting STA to the web site 512 to configure it withsecure settings.

** End of method **

FIG. 11 details multi-AP and fast configuration setting aspects of theVagabee spreading method for the second, to be connected STA, including:

a. Connect through a first/available AP 481

b. STA has secure sub-system trusted by the web site? 482

c. Web site allow it to retrieve the 483 settings of the network fordirect connection

d. Both STAs use the same AP 484 and same user account?

e. Agrees to connect directly to AP? 485

f. Download functionality and activate it 486

g. Configure STA with the settings of the network 487

** End of method **

Many variations can follow to the above procedure, and should be clearto those skilled in the art. For example, the settings may be stored onlaptop 11 instead on web site 30, the settings may be encrypted, and thesequence of events can be changed. The result is an easy configurationof the network by the user.

FIG. 12 illustrates the mobile stations (STA) with their covering AccessPoints (AP), where STA 11 is moving from the coverage of AP 31 to thecoverage of AP 312. STA 12 is already in the coverage of AP 312, andanother AP 313 has a coverage that intersects with both the coverage ofAP 31 and AP 312.

A Network Infrastructure for Other Devices

Functionality 31 may allow devices that do not have the functionality 31to access the network. Such a device receives a capability to beidentified as eligible to access the network towards functionality 31,and it identifies as eligible to access towards functionality 31 on thelaptop in order to gain access to the network. Such identification mayinclude cryptographic means, such as a digital certificate signed by anappropriate certification authority (CA) which gives the device thecapability to be identified. Alternatively, the devices can beidentified based on their MAC address. A username/password can be addedfor additional security.

Configuration of Secure Devices

it might be desirable to allow a device to directly connect to an AP,rather than connect through a laptop. When devices have a securesub-system, i.e., a sub-system that is trusted by web site 30, web site30 may allow it to retrieve the settings of the network (assuming thatthey are stored on web site 30), and configure the device to use thenetwork.

As the device has a trusted sub-system, the settings can be stored inthe sub-system, such that they do not leak outside.

Alternatively, functionality 31 can reconfigure the AP to allow accessto a roaming device.

Displaying the Coverage Map

A problem often faced by users that wish to connect through wirelessinternet is that they cannot connect to the internet in their currentlocation because the coverage in their area is locked, and they do nothave access rights. A novel method and system helps users find thenearest location from which they can connect. Web site 30 holds a listof all access points from which users can successfully connect, togetherwith all the list of APs from which are closed. The list includes theMAC address of each AR Parts or all of this list can be downloaded inadvance to a device, such as into laptop 11.

Then, laptop 11 uses the beacons of the APs which might be locked todetermine its position (for example, www.SkyHookWireless.com usesbeacons to determine the location of a STA). Then, laptop 11 can displayon a map the location of the user, and the locations of near by accesspoint in which it can connect to the internet. The user can then go tothe nearby locations and connect to the Internet. The list in site 30can be constantly updated by information that STAB receive.

In another embodiment, the list of APs in site 30 can also hold theprobability that the AP is accessible. The probability can change if theaccess is provided by a laptop rather than an AP, and the laptop may bepresent or not. An area covered by several independent APs, each withlow probability, results in an area with higher probability ofaccessibility in the intersection of these areas. The probability ofaccessibility can be depicted in the map shown to the user, for example,by different colors representing the different probabilities.

It is understood that the method and system in the present disclosuremay be used for the transmission of voice, data, multimedia or acombination thereof.

Gathering Physical Location

To display a map of coverage, the real-world physical location of STAsneeds to be known. A novel idea is to use STAs that are equipped withboth GPS (Global Positioning System) and WiFi to report hack to a server(for example, web server 20), a scanning result and the physicallocation in which the scan was performed. The server can extract thephysical location of the fixed APs and store it in a database. At alater time, when a WiFi-equipped STA that lacks a GPS receiver performsa WiFi AP scan, it can report the results to the server, which can usethe database to determine the physical location of the STA. Thisphysical location can be used to provide location-based services.

Fast Handover

A novel aspect of very fast handover is to practically almost completethe process of the handover before it even started.

Consider an example depicted in FIGS. 12 and 13, in which STA 11 is inconversation with TN 41 (TN—Termination node, the node with which STA 11communicates, shown in FIG. 13), and STA 11 is moving from AP 31 towardsAP 32. Also assume that a node GN 21 (GN—Governing Node, a node that isnon-exclusively responsible for the mobility management in a certaingeographic area for a given time, shown in FIG. 13) is in contact withSTA 11, and it is assisting STA 11 during the handover process. STA 11currently has an IP address, which was allocated to it by AP 31.

To complete the handover, STA 11 should be associated with AP 32, havean IP address assigned by AP 32, complete any second authentication thatis required, and have TN 41 be aware of the new IP address, so it canforward the conversation to the new location.

Note that in some scenarios (in some cases when there are firewalls orNAT devices between AP 32 and TN 41, the connection between STA 11 andTN 41 must be started from within AP 32 towards TN 41).

According to prior art, it appears that STA 11 cannot begin the handoverprocess until it reaches the coverage of AP 32, since it cannot startthe connection process. One novel solution (that requires changing thesoftware of the AP) is to allow STA 11 to perform the connection processthrough the Internet, instead of performing it wirelessly. In this way,once STA 11 reaches radio connection with AP 32, it can start workingimmediately.

However, we are more interested in solutions where there is no need tochange the AP. To achieve this goal, assume the existence of anon-moving STA 12 in the coverage of AP 32 (we will somewhat soften thisassumption later). According to the present invention STA 12 is incontact with GN 21, and receives instructions to impersonate STA 11towards AP 32 (we will later discuss how to make it possible), andcomplete a connection process with AP 32 on behalf of STA 11 (includingauthentication, association, receiving an IP address, performing anysecond authentication/log-in procedure, and perhaps even openingconnections or “punching holes” in the firewall).

Then, STA 12 communicates these parameters to GN 21 (once the parametersare communicated, STA 12 can return to its real identity). GN 21communicates the parameters to STA 11 (and perhaps to TN 41), and thus,STA 11 does no longer need to perform the connection process, and onceit reaches the perimeter of the coverage (we will later discuss how toidentify this situation) it can immediately use the new parameters andcontinue communications without any delay. STA 11 (or GN 21) can alertTN 41 before the handover, so it can start and send information packetsto the new location.

TN 41 may send the information in parallel to the old and the newlocation, and cease transmitting to the old location once the handoveris complete (e.g., when it receives information from STA 11 with itsaddress from the new AP). STA 12 may even open a TCP (TransmissionControl Protocol, as used in the Internet) connection or send a UDP(User Datagram Protocol) packet on behalf of STA 11, if required.

This connection may wait for STA 11 until it reaches AP 32. If there isa timeout on these connections (either due to protocol, or due tofirewalls), STA 12 or other bypassing STAs can send and receive-keep-alive- messages on behalf of STA 11 (as is instructed by GN 21).The timeout for each AP can be discovered over time by trial and error(or by discovering the APs type), and storing this information in GN 21for future use. GN 21 can notify the STAs on the value of the timeout.

How STA 12 can impersonate STA 11:

To understand how STA 12 can impersonate STA 11 towards AP 32, we mustunderstand how identity is established in the network. The basicidentity in the network is the physical address which is known as MACAddress (Media Access Control Address, which is globally unique. Eachmanufacturer is allocated a portion of the address space and allocates aunique MAC address to every network card (including WiFi network card)that it manufactures. Then, the manufacturer burns the allocated addressinto the network card. However, in most network cards, an applicationcan (temporarily) change the MAC address of the card to another MACaddress.

The MAC address is not used for end-to-end communications over theinternet, but usually only for communications within the same physicalnetwork. For example, STA 12 communicates with AP 32 using MAC address,but GN 21 is not usually aware of the MAC address of STA 12. The MACaddress is universally unique. We use the feature of temporarilychanging the MAC address in the network cards in a novel way, allowingSTA 12 to impersonate STA 11.

Therefore, in the instructions that GN 21 gives to STA 12, it mentionsthe MAC address of STA 11, so STA 12 can assume the MAC identity of STA11. Then, STA 12 can complete the association with AP 32 (using the MACaddress of STA 11)), in which it receives the Association ID (AID), andcompletes a DHCP protocol in which it receives an IP address to be usedwith the MAC of STA 11 while it is using AP 32. STA 12 can also performa second authentication and log-in on behalf of STA 11.

STA 12 sends the connection information back to GN 21, which forwards itto STA 11. STA 12 can return to its original MAC address, but theallocated resources at AP 32 remain allocated, as from the point of viewof AP 32, STA 11 is already connected and in coverage. In order to avoidlosing messages that are sent to STA 12 during its impersonation to STA11, it can either continue and listen using both its own MAC address andSTA 11's MAC address, or it can issue a -power-save- mode command to itsserving AP. The power save mode indicates the AP that the STA issleeping for a while, in which time the AP is buffering the incomingdata packets. Therefore, even if STA 12 is connected to the internetusing another AP, it can issue a power-save mode command, possiblychange the frequency, and perform the connection on behalf of STA 12. Itcan return to its serving AP once the connection is established, or poolfor incoming messages once in a while.

First Softening of the Assumption that STA 12 is in the coverage of AP32: What if STA 12 is not in the coverage of AP 32, and there is noother station in AP 32's coverage—The following process can be performedin advance, well before a handover is needed. GN 21 can ask (in advance)stations that pass through AP 32 to connect and receive an IP addressfrom AP 32 using some MAC address. The MAC address is not necessarilythe MAC address of STA 11, as the process is not specific to STA 11. Thestations send the connection details to GN 21, which stores the AID, theMAC, the IP address and other connections details in a pool for futureuse.

The pool may even contain UDP or TCP connections, which may be keptalive by bypassing STAs (against timeouts of firewalls, Network AddressTranslator devices (NAT), and protocol timeouts). UDP and TCPconnections in the pool are targeted to some node in the network thatcan forward information for other nodes (for example TN 41). When aconnection is required by some STA, the pool is queried, and a resourcecan be allocated and applied by a STA. As a result, a station mightchange its MAC address and IP address every time it moves between APs.If the station moves very fast between these access points, GN 21 canpredict the direction in which the station is moving based on pastmovements, inform TN 41 of the possible future addresses.

Using this method, TN 41 can send data to the new address even beforethe station actually moved there. In some implementations of the APs andfirewalls between AP 32 and TN 41 the STA must first send data before itcan receive any data, otherwise, the firewall may block the incomingdata, or a NAT (Network Address Translator) device might not know whereto forward the data. The restriction, that the STA must be the first tosend data, is usually required due to security policy that allows onlyoutgoing connections, or due to NAT device that need to relate aninternal IP address and port number with an external IP address and portnumber.

For example, in most NAT implementations a connection must beestablished from within the NATed zone (e.g., the AP coverage) towardsthe internet. Many also require that the connection is established fromthe private network towards the internet (rather than allowing incomingconnections from the internet towards the private networks). In thesecases, the data that TN 41 sends is not transmitted by AP 32 until thestation reaches the access point and transmits information back to TN41. Depending on the type of firewalls and NAT devices, TN 41 might beable to predict a port number to which it should send such messagesbefore the first outgoing data packet is transmitted.

Another associated novel disclosure is that the same MAC address and IPaddress can actually be used by more than one STA. The differentiationbetween the STAs can be performed by using higher protocol identitiessuch as different ports (for example TCP ports). Using the same MAC andIP address in more than one STA is not problematic for packets that aresent from the STA.

However, while receiving an incoming packet, only one STA should send anacknowledgement. As each STA knows the ports that are in use, it onlyacknowledges messages that are designated to it. GN 21 can coordinatebetween the STAs such that they do not use the same ports. For example,if there are at most n stations using the same MAC and IP address,station i will allocate port numbers that are equal to i modulo n.Another solution is to choose the port number at random. If each STAuses one port at random, according to the birthday paradox, portcollisions occur with very low probability as long as the number ofconnections is smaller than about the square root of 65536 (i.e., whenthere are less than 256 connections using the same IP).

Another idea is to change the software at the AP such that it cancommunicate with GN 21 and perform the connection procedure on behalf ofSTA 11.

Knowing who are the adjacent APs and the location of a STA:

It is useful for a station STA 11 to know the identity of the adjacentAPs that the station might hand over to. The identity of an AP can beestablished in several ways: The SSID (Service Set ID) of the AP isusually broadcasted by the AP using periodical transmissions known asbeacon. However, two adjacent AP may have the same SSID. In such a case,the MAC address of each AP is different, and APs can be differentiatedbased on their MAC address. Some APs do not transmit their SSID, butthey still broadcast beacon messages with their MAC address. Even if theAP is locked and encrypted the MAC address is transmitted, and it istransmitted without any encryption. In this way, STA 11 can know theidentity of adjacent APs, and infer its location.

Scanning by Idle STAs:

In a preferred embodiment, GN 21 collects information about APs whichare adjacent. Idle stations (i.e. stations which are not in an intensivedata transfer) can perform a scanning operation once in a while. As aresult they learn the MAC address (and possibly the SSIDs) of the APswithin radio reach. The STAs can then send this information to GN 21which collects it. The idle STAs can also perform tests to check what isthe accessibility parameters of an AP (e.g., is it an open and free AP,is it a locked AP and the password is available from GN 21, is it lockedand there is no free access to the AP, is there a captive portal, doesGN 21 have a username/password available for the captive portal, etc.).All this discovered information is sent to GN 21.

When handovers are performed, GN 21 takes note of the sequence ofhandovers that occur, and can learn common paths which are taken (forexample, a road or a crosswalk might cause more likely paths thanothers).

It is very important that GN 21 knows in advance the AP to which STA 11will be handed over to and when the handover will occur. Such aknowledge allows, for example, to alert TN 41 of the new location inadvance. Gaining accuracy in the prediction of the handover (when andwhere) translates to better performance, as GN 21 needs to allocate aMAC address and an IP address to STA 11 in the new AP, and TN 41 mightstart to send data to the new location.

Therefore, knowing who the neighboring APs are, and their receptionquality at STA 11 is very important.

Scanning by a Non-Idle STA

In principle, STA 11 can scan the surroundings once in a while and lookfor the beacons of adjacent APs, and thus measure the reception qualityfrom each AP. However, such a scanning takes a lot of time (might eventake couple of seconds for a full scan). Selective scanning for APswhich are expected to be neighbors can reduce the scanning time, but itcan still stay in the magnitude of a few hundred milliseconds. It isimportant to understand that during a contemporary scanning usingcurrent technology, STA 11 cannot receive or send messages from or to AP31, which means that the scanning time must be reduced to reduce thisdisconnection time.

The novel disclosed method is that STA 11 will selectively scan for aneighboring AP in the following special way. Assume that STA 11 scans tosee if it can receive the beacon of AP 33, where the scanning isperformed exactly when the AP 33 is expected to transmit its beacon.Therefore, the disconnection from AP 31 will be minimal. The problem is,however, that although the beacons are transmitted periodically, STA 11does not know when a beacon is expected to be transmitted from AP 33. Asthe beacons are transmitted about every 102.4 ms (milliseconds); (manyvariations are possible), STA 11 might be forced to wait on average 51.2ms, which is a prohibitively long time to wait.

STA 11 may also transmit a Probe message to force a beacon to be sentespecially for it—but a probe message requires a transmission that hasimplication on battery life. Furthermore, for the purpose of locationfinding, STA 11 might wish to be able to receive beacons of APs thatwill not answer the probe (due to range, policies, etc.)

We can safely assume that other STAs visited the area of AP 33 beforeSTA 11, and that they have reported the rate of the beacons of AP 33(e.g., a beacon every 102.4 ms). A problem that remains is that thebeacons are scheduled according to the internal clock of AP 33, whichmight tick at a different rate than other clocks (and clocks tend totick at different rates). Moreover, the clock of the visiting STAs isprobably not exactly synchronized with the clock of STA 11, which makesthe process inaccurate.

That is, even if STA 11 knows that at a specific time according to someSTA's internal clock a beacon was transmitted, STA 11 will not know howto translate this information to his clock, as the clocks are probablynot synchronized to such great accuracy (network time synchronizationservices such as the network time protocol (NTP) cannot be more accuratethan a couple of tens of milliseconds, where in this case we need anaccuracy of around one millisecond). The following novel method allowsaccuracy of microseconds.

The novel approach for time synchronization is to rely on a relativelyaccurate clock already available to STA 11: The 802.11 standard requireseach AP to transmit in its beacon its clock (referred to in the 802.11standard as timestamp). This clock must be the internal clock of the APat the time of transmission in units of microseconds. Therefore, STAscan specify the value of the dock of AP 33 in terms of the value of theclock at the adjacent AP 31.

By measuring the timestamp of AP 31 and AP 33 at two different timesT311 and T312 (based on the clock of AP 31), in which the time value ofAP 33 T331 and T332, respectively, it can be established with reasonableaccuracy that AP 33 clock ticks approximatelyr33/31=(T332−T331)/(T312−T311) times for every clock tick of AP 31. Attime T313 in the future, the clock of AP 33 can be estimated asT333=T332+(r33/31)(T313−T312). Similarly, at time T334 the clock of AP31 can be estimated as T314=T312+(1/r33/31)(T334−T332).

Beacons are scheduled to transmission when the clock of the AP modulothe beacon interval is zero, where the beacon interval is measured inmicroseconds according to the clock of the AP, it is fixed for an AP,and the value of the beacon interval is transmitted in the beacon.Therefore, GN 21 stores the relation r33/31 together with T332 and T312and the beacon interval of AP 33 and AP 31, and reports it to STA 11such that it can extrapolate the time at AP 33 and infer the time of thebeacon transmission.

Once STA 11 succeeds in receiving a beacon from AP 33 it can report thetimes to GN 21, so that GN 21 can keep its time tracking accurate.Furthermore, the scanning allows GN 21 and STA 11 to make the besthandover decisions based on the knowledge of the approximate location ofSTA 11 with respect to the neighboring APs.

A technical problem to be solved is that a STA can know the value T311but cannot measure the value of T331 at exactly the same time of T311 asthese values are carried on the beacons of APs, which are transmitted atdifferent times.

A solution is to measure the time of AP 33 T331′ at a time close toT331, and note the time difference between the two measurementsaccording to the STA's internal timer. As the measurements are veryclose to each other, the clock drift between the STA's timer and AP 33'stimer is negligible, and we can estimate that T331=T331′+timediff, wheretimediff is the time difference between the measurements of T331 andT331′ according to the timer of the STA. If there is a large clock driftafter all (although it is not expected), it can be corrected bycalculating the r value between the clock at AP 33 and the STA in asimilar way to the way done for APs.

The location of STA 11 can be deduced from the reception quality, thereception strength and the identity of the neighboring APs. Thislocation information can be taken into account while performing handoverdecisions, as well as for location based services or for other networkapplications.

It should also be noted that in Frequency Hopping, knowing the time ofthe AP has another special importance, as the frequency that the APworks in might depend on the time.

FIG. 14 details a preferred embodiment of the handover method,including:

a. STA prepares in advance for a handover: 541

Assisted by another STA (or STAs)

Optional: use the same MAC and IP addresses in more than one STA

Learn the identity of adjacent APs

Measure beacon strength from other APs

b. GN supports handover: 542

GN keeps a pool of MAC and IP addresses

GN sends the addresses to STA just before it enters the AP

c. STA reduces the number of Location Updates 543 by only updating whenchanging location area

d. GN transmits a pseudo-beacon including 544 MAC address, IP address,port number

e. Easy security configuration: 545

The AP of the customer is not changed

Establish secure channel with STA and Copy security information, or

Connect the STA initially by wire

f. Gain access to locked networks 546 by joining the Vagabee service

g. Maintain simultaneous communication with 547 more than one AP,

Update net configuration responsive to changing circumstances

** End of method **

FIG. 15 details a method for implementing two connections with a STA.The method includes:

a. Load BSS firmware to the NIC 415

b. Associate with AP using a first SSID 416

c. Load IBSS firmware to the N IC, but do not perform 417 dissociationfrom AP before loading the IBSS

d. Create an ad-hoe network using a second SSID 418

e. Communicate with AP and STA that connect to 419 the second SSID

** End of method **

FIG. 16 details a method for connecting other STAs, including:

a. First STA, using a single Wireless NIC, 491 connects to an AP using afirst SSID, and creates a network using a second SSID

b. Allow other STAs to connect to the Internet by 492 allowing them toconnect to the second SSID.

The first STA decrypts and encrypts data packets as needed based on thesecurity parameters of the first and second SSID (or APs), and performsaddress translations and forward packets between the second and firstSSID to facilitate this connection for other STAs.

** End of method **

FIG. 17 details another method for connecting other STAs, including:

a. First STA, using a single Wireless NIC, 491 connects to an AP using afirst SSID, and creates a network using a second SSID

b. Allow other STAs limited access to the Internet by 492 allowing themto connect to the second SSID. The limited access includes the abilityto download a software that implements the current method.

The first STA decrypts and encrypts data packets as needed based on thesecurity parameters of the first and second SSID (or APs), and performsaddress translations and forward packets between the second and firstSSID to facilitate this limited connection for other STAs.

c. When the first STA detects that another STA 493 has a software (whichimplements the current method) installed, the first STA allows the otherSTA a wider access to the Internet.

** End of method **

FIG. 18 details a method for configuring other STAs to directly connectto the AP, including:

a. First STA, using a single Wireless NIC, 491 connects to an AP using afirst SSID, and creates a network using a second SSID

b. Allow other STAs limited access to the Internet by 492 allowing themto connect to the second SSID.

The limited access includes the ability to request an ability to accessthe first SSID directly, i.e. not through the second SSID and the firstSTA.

c. The first STA decrypts and encrypts data packets as needed based onthe security parameters of the first and second SSID (or APs), andperforms address translations and forward packets between the second andfirst SSID to facilitate this limited connection for other STAs.

d. Another STA requests an ability for direct access to 494 the firstSSID

e. First STA prompts user: To 495 allow this access?

f. Security access parameters to access the first SSID are copied 496from the first STA to the other STA

g. The other STA can access the first SSID directly 497

** End of method **

FIG. 19 details another method for configuring other STAs to directlyconnect to the AP, including:

a. First STA, using a single Wireless NIC, 491 connects to an AP using afirst SSID, and creates a network using a second SSID

b. Allow other STAs limited access to the Internet by 492 allowing themto connect to the second SSID.

c. First STA's user can view a list of 498 connected STAs and can chooseto allow access directly through the first SSID to a chosen other STA

d. Security access parameters to access the first SSID are copied 496from the first STA to the other STA

e. The other STA can access the first SSID directly 497

** End of method **

FIG. 20 details yet another method for configuring other STAs todirectly connect to the AP, including:

a. First STA, using a single Wireless NIC, 491 connects to an AP using afirst SSID, and creates a network using a second SSID

b. Allow other STAs limited access to the Internet by 492 allowing themto connect to the second SSID.

c. Security access parameters to access the first SSID are copied 496 tothe other STA

d. The other STA can access the first SSID directly 497

** End of method**

Preventing Exhaustion of Resources at the AP

As discussed in the “Background” section, each AP has a limited numberof Association IDs (AID) and usually, even a smaller pool of IPaddresses (available through DHCP). Once this number of resources isexhausted, the AP might not be able to serve new STAs. A situation whereIP addresses are exhausted can happen very quickly: for example,consider an AP in a very busy location, where there are many STAs thatconnect to the AP only for a short period of time. Each STA performs theconnection process and obtains an IP address using DHCP, but as itdisconnects it might not release the IP address.

The pool of IP addresses in an unmanaged AP is usually limited to about200 addresses, with many consumer APs supporting only tens of addresses.A device is assigned the IP address for a given period of time (known asthe lease time). Many times, the lease time is set in a magnitude ofdays (although the granularity is seconds), and in many other instancesthe lease time is set to a magnitude of hours. In such a situation thepool of IP addresses runs empty very fast.

However, in this disclosure for fast handovers, GN 21 keeps a pool ofMAC addresses with associated IP address, just before a STA enters theAP, GN 21 can send it a MAC address and an IP address that are alreadyassociated with the AP. Therefore, the STA can connect even if the APhas no resources left for new STAs. Combined with the above disclosurethat allows several STAs to share the same MAC address and IP address,an AP can serve more APs than its IP resources, even above its limit onthe number of associated STAs.

Saving Battery Power by Reducing Location Updates

A novel disclosure of this invention is a method to reduce the number oflocation updates that are needed in WiFi, when a STA is idle. A locationupdate is the process in which a STA informs an entity in the network ofthe current location of the STA (the notification can take many forms,including opening a TCP connection, or sending UDP packets). In priorart for WiFi networks (with for example mobile IP, or SIP—SessionInitiation Protocol), a location update is required whenever the IPaddress of the STA changes (for example, when moving between APs ofdifferent subnets)—even if the STA is idle.

The novel method allows defining a location area for WiFi, such that aSTA needs to perform location update only when it moves between APs thatbelong to different location areas, but does not need to performlocation update when it moves between APs of the same location area aslong as it's idle.

We assume that the APs are divided into location areas, and for eachlocation area there is a node in the network that is in charge of thislocation area. For example, assume GN 21 is in charge of a location areacomposed of AP 31, AP 32, and AP 33.

How does a STA know which AP belongs to the location area—Either GN 21gives it a list of all the APs that belong to the location area, or GN21 transmits a pseudo-beacon in each AP.

A pseudo-beacon is a novel disclosure of this invention. It is a messagethat GN 21 can periodically transmit in each AP. While some APs mightpermit a remote node to transmit a message in the AP, other APs mightnot allow it. In the novel method, a certain MAC address, IP address,and possibly port are allocated in each AP for the purpose ofpseudo-beacon transmission, GN 21 asks some STA to open a connectionusing these resources to GN 21, and GN 21 sends the pseudo-beaconmessages using this transmission. Each pseudo-beacon contains theparameters needed to listen to the pseudo-beacons in the adjacent APs. ASTA that lacks these parameters can contact GN 21 and receive them.

From that moment on, the STA can move between APs in the same locationarea, and receive the parameters that are needed to listen to thepseudo-beacon from other pseudo beacons. For example, assume that STA 11is located in AP 31 and is moving to AP 32. STA 11 listens to thepseudo-beacon at AP 31, and from the pseudo-beacon learns the parametersthat are needed to listen to the pseudo-beacon of AP 32. Thus, STA 11can move to AP 32 without any transmission.

Which STAs of the stations in AP 31 should acknowledge thepseudo-beacon—Preferably, none. However, some firewalls require minimumrate of outgoing packets to maintain an open connection. In such a case,once in a while GN 21 sends on the pseudo-beacon a message that asks anystation to send an acknowledgement with some probability p. Theprobability that GN 21 states should be accommodated to the expectednumber of stations in AP 31 (GN 21 might not exactly know how many STAsare in the AP). If no STA acknowledges the pseudo-beacon for over theneeded time, and the timeout of firewalls stop the incoming messages,then no pseudo-beacons are transmitted. In this case, a roaming STA willcontact GN 21 after a certain period of time of probing for thepseudo-beacon has passed (and no pseudo-beacon is seen). GN 21 canrequest the STA to reopen the connection for the pseudo-beacontransmission.

If the STA is in a session with TN 41 with many packets received (e.g.,above a certain threshold), it is considered non-idle (which we alsorefer to as “In conversation”) and is treated as described above in“Fast handover”.

However, assume that STA 11 is in idle mode (e.g., incoming packetsbelow a threshold), it can move between APs of the same location areawithout performing location update. When a node TN 41 wishes to senddata to STA it STA 11 should change its state from idle to inconversation. TN 41 contacts GN 21 (TN 41 might be forwarded to GN 21through a system such as dynamic DNS (Directory Name Service) or anothermethod, such as a Distributed Hash Table—DHT, or a peer-to-peernetwork).

GN 21 sends a paging message for STA 11 on the pseudo-beacon of all theAPs in the location area. As STA 11 listens to one of thepseudo-beacons, STA 11 will receive the paging message. Then, STA 11responds preferably to GN 21 (or to TN 41, depending on what is writtenin the paging message) by initiating an outgoing connection as describedbelow. It should be noted that GN 21 can first page for STA 11 in theAPs that have a higher chance covering STA 11, and the paging can repeatseveral times until STA 11 replies.

When a STA is required to initiate an outgoing connection it can use aresource (MAC, IP, or TCP/UDP with port, user/password) that is listedas available on the pseudo-beacon or on the paging message, or it canrequest its own resources from the AP. If two (or more) STAs use thesame resources for a connection at the same time, GN 21 will detect it,and in the ac knowledge message (or second message of the TCP handshake)will announce the identity of the STA that it answers to. The other STAis required to initiate an outgoing connection again. Once a connectionwith GN 21 is established, GN 21 can allocate resources to the STA suchthat it moves to be in conversation status. One of the resources thatare allocated is GN 21 attention to accompany the STA as it might needto perform handover to another AP.

it should be noted that the location areas can overlap, meaning a singleAP can belong to more than one location area. Upon the policy of thenetwork, STA 11 might be required to perform location update when itreaches such a APs, or it may just give helpful information. Ifpossible, a STA might prefer to park on an AP that is within the samelocation area as its current AP, such that a location update is avoided.

It should also be noted that there is a tradeoff between the overheadthat is spent during paging and establishing the connection, and theoverhead that is being spent to keep a steady connection for each AP.The optimal point on the tradeoff depends on the rate that the APswitches APs as well as on the number of packets it receives and sends.

Easy Configuration of STA

When purchasing a new STA, it is required to configure the STA with thesecurity settings of the existing network (in case the network issecure). If the network is not secure, the new owner usually only needsto select his network from the list of available networks that isreceived by the wireless network card.

Configuring the security might be a tedious job, as the security(authentication/encryption) code might be very long as known in the art,which the user might need to punch in. A novel solution for easyconfiguration is disclosed. Unlike previous solutions, the novel methoddoes not require changing the existing AP of the customer. In oneembodiment, software is run on a personal computer of the user (that isalready configured to access the WiFi). Then, the software establishes asecure channel with the STA, and copies the security information fromthe personal computer to the STA. In this way, the STA learns thesecurity parameters.

In another embodiment, the customer first connects the STA by wire toits network (or alternatively, the STA first connects using a connectionit establishes through an already connected device, such as a personalcomputer). As the STA can receive and transmit signals on the wirelessnetwork and it is connected to the internet (through the otherconnection) at the same time, it tries to locate the web configurationof the AP on the wired network (most APs have a web interface). In mostcases, it is an easy job for the STA, as either the STA can locate theAP as it is the default gateway of the wired network, or it can try tofind its IP by performing RARP (Reverse Address Resolution Protocol)using the wireless MAC address of the AP (which it can see off-the-air).

If none succeeds the STA can perform exhaustive search on commonly usedIP addresses, or on very probable addresses, like all the IP addressesof the same subnet. Once the AP web interface is found, the STA tries tolog into the AP. It can guess the default address or find it on adatabase that can be built on the web, with common default passwords foreach manufacturer (the manufacturer and model will be usually sent bythe AP during the web login process, or can be found out using the MACaddress, which is unique per manufacturer). If the password for the APcannot be guessed, the user is prompted for its password to complete thelog-in. Then, the STA navigates to the security settings page andretrieves the password needed for the wireless network.

in the event that the procedure fails, the user is prompted for thesecurity settings (which would happen without using the above method).For most common users and setups, the method succeeds (and forunsophisticated customers, who do not change the passwords—it succeedsin the majority of the cases). Thus, in the majority of cases, the setupis made much simpler.

Once the STA has access to the setup of the AP, it can (with permissionfrom the user), open holes or forward certain port to some IP address.This IP address and port can serve as way that GN 21 can send andbroadcast the pseudo-beacon, without a STA first opening a connectionfrom the AP, and without worrying about timeouts (provided that thereare no other firewall between the AP and GN 21). Opened ports can alsohelp during the fast handover, such that TN 41 can directly send packetsto the new location without a need for STA 12 to open the connection.

In corporate settings, the company can set a special server which givesthe configuration to the phone, over the network.

Gaining Access to Locked Networks

While performing the above easy setup (or at any other time), the useris prompted if he wishes to join a swapping service. The swappingservice allows the user to gain access to many locked networks (thelocked networks of the other users that joined the swapping service), inreturn that he allows users to use his network for the purpose ofconnecting to the Internet. If the user agrees, the access parameters tohis network (encryption key, MAC address, default gateway, etc.) aresecurely stored in the network (for example in GN 21, and a backupserver). The security information is securely sent directly into thehardware (or network card) of other STAs, when they need to connectusing his AP.

As the security parameters are sent directly to the STA's networkhardware, it can make sure that the communication that is established isdesignated outside the user's network, and will not jeopardize thecomputers on the user's network. Furthermore, GN 21 can monitor theamount of bandwidth that is consumed by visiting users, and to make suretheir hardware limits the amount of used bandwidth such that the userdoes not experience a degradation of quality of his connection.Alternatively, the security information can be sent to the other STAsusing other security measures, as known in the art.

In many scenarios it is enough to trust the software that runs on theSTA to make sure all communications are targeted outside the user'snetwork, such that it does not jeopardize the computers on the user'snetwork, and limit bandwidth used by the STA.

The secrecy of the security parameters (such as the encryption key) canbe cryptographically protected while on transit and storage, as known inthe art.

Some APs limit the access of the subscribers by making sure that onlyspecific MAC addresses connect to the network. As our methods asdescribed above allow to use the same MAC address for several users,this specific MAC address can be used when using the network thatrestricts the use with specific MAC address.

In case a STA tries to connect to an AP with a captive portal, a specialapplication on the STA is running and performs the authentication andlog-in automatically. GN 21 can store typical portal appearances, suchthat it can guide the STA on how to perform the authentication/log-inprocess. If the STA comes across a captive portal which is unknown orunexpected, it can locally store the web pages that it received from thecaptive portal and later transfer them to GN 21. GN 21 accumulates thereports and guides STAs how to log-in to the captive portal in thefuture. As part of the swapping service, GN 21 can storeusername/passwords to enable connection through the captive portalautomatically.

Special Care for Data

The above description works well for both voice and data. TN 41 might bea mobile node as well, or a fixed node in the network. The transferredinformation between STA 11 and GN 21 can be voice, data, or theircombination.

In case STA 11 wishes to communicate with a node that is not aware ofthe novel network, it can do so through a node that is aware of thenetwork. For example, TN 41 can serve as a proxy for STA 11 (in asimilar way to mobile IP). The node that is not aware of the networkcommunicates with TN 41. TN 41 forwards the information to STA 11. TN 41can allocate an IP address (perhaps using NAT, or allocate ports usingits own IP address) that will serve STA 11.

To balance the communication load, STA 11 can have several network nodessuch as TN 41, TN 42 (not shown), etc. to be its proxies in parallel. Infact, the resulting connection between STA 11 and TN 41 can be seen as alayer 2 (MAC) connection, on top of which the communication isperformed. In this setup, TN 41 serves as the default gateway of STA 11,and optionally can run a DHCP server and a NAT server.

Executing the Invention Over a Peer-to-Peer Network

Another novel aspect of the above novel methods takes advantage of thefact that the wireless network is local in nature, as the APs aregeographically adjacent. The system and method as described in thisdisclosure allows GN 21 to be responsible over a small geographical areawith little interaction with its neighbors. As a result, the methodsthat are disclosed can be implemented by many small devices forming apeer-to-peer network that implements the methods, without the need torely heavily on large servers.

Many nodes GN 21, GN 22 (not shown), can each control a group of APs. Tomake the system grow “automatically”, it is possible to give users a“base” that will act as their point of presence in the network. Forexample, the base can assume the role of TN 41 as a Mobile IP proxy. Thebase can connect to the wired network at the premises of the customer.Some bases will assume the role of a GN, where the GNs can be managed byeither a network control center, or through peer-to-peer protocols.

In early stages of deployment of the system, when there is still a smallnumber of GNs, each GN might need to cover a large number APs. A generalserver can back-up all information that the GNs hold. To avoid thesituation, where a single GN needs to cover a huge number of APs withpseudo-beacons, the system might not use the pseudo-beacon mechanism(although, it should be noted that with moderate computing power andnetwork resources, a GN might be able to cover a few thousands of APs).In the worst case scenario of a peer-to-peer network, there is one base(GN) for each STA, and this GN act as the GN for the APs in theproximity of the STA.

When the STA moves, the coverage area in the responsibility of the GNmoves with it. In this case, the GN can fetch information on neighboringAPs from the general server. When GN abandons an AP, it can store theinformation it gathered about it in the general server, for later use bypossibly other GNs. In a system which is not based on many small GNs, alarge GN can assume the role of the smaller GNs.

It should be noted that it takes some time to gather the information onthe APs (such as timing, default gateways, etc). However, once a singleSTA passes in an area, it obtains the needed information. Thisinformation is later stored in the GNs and general server, for thebenefit of all STAs in the future.

If a STA needs to handover into an AP which has no STAs currently in it,it might not have the needed resources pre-allocated (such as anassociated MAC address and IP address), and might therefore need to gainit by itself. However, in many cases the STA can obtain resources at onepass in the area, and these resources (such as IP address) will stay forthe next pass in the area (which can be hours later).

An Alternate Fast Method for Connecting to an AP—Removing the Assumptionon the Existence of STA 12 in the Coverage of the New AP

A possible drawback of the above method of fast handover is that itrequires that the pool of resources that GN 21 holds should contain avalid IP address of the AP that STA is handing over to. If the DHCPlease time is long enough, having a valid IP might not be a problem, buton short lease times with only a few STAs roaming it is desirable toperform handovers even if there is no valid IP available in the pool.Unfortunately, a typical execution of the DHCP protocol can take severalseconds to complete, which might be too long for a fast handover.Interestingly, we observe that many APs will forward information even ifthe IP that is being used was not allocated by DHCP.

Therefore, we disclose the following method:

Choose a MAC and associate it with the AP (or use an Associated MACwithout an associated IP address), choose a random (but valid) IPaddress, and use it.

The STA must use the correct default gateway settings of the AP (thesesettings can be stored in GN 21). If the STA wishes to use DNS, it musthave the DNS settings of the AP (which can be received from GN 21), orDNS services are provided through GN 21.

Choosing a valid IP at random results in a very low probability ofcolliding with another IP address that is used in the AP. Note, however,that the STA still needs to authenticate/log-in through the captiveportal in case such portal exists.

Another method that can be used to quickly obtain an IP address, suchthat the IP address is not already allocated by the DHCP of the AP isdisclosed. Most DHCP implementations of AP send an ICMP (InternetControl Message Protocol) Echo Request (ping) before allocating an IPaddress, to make sure that it is unused. Therefore, STA can begin theDHCP protocol, then, wait for the ICMP echo request that the AP sends,and understand the IP that is going to be allocated to it.

Therefore, a STA can start using the IP address and respond to the ICMPecho request. It can then prematurely terminate the DHCP protocol (as italready got an IP). Alternatively, STA can use the IP address from theICMP echo request without responding to it, and complete the DHCPprocess. If the IP address that is allocated during the DHCP isidentical to the IP address (vast majority of cases), then STA simplysaved time. Otherwise, it can move from the IP address of the ICMP echorequest to the IP address that was allocated.

If no connection to GN 21 is available, the default gateway address canbe guessed, as in the majority of the cases the default gateway addressis one out of only a few addresses. Common addresses are: 192.168.1.1,192.168.2.1, 10.0.0.1, etc.

Moreover, the default gateway is usually the AP itself. Its MAC addressis known (as it is broadcasted in the beacon). Therefore, in most casesit is enough to forward packets to this MAC address (without knowing itsIP address).

A STA with a Capability to Connect on Two Channels in Parallel

The present application discloses a STA which has a capability ofcommunicating in two or more channels in parallel (for example, by usingtwo wireless network cards). This capability can enable a STA to beconnected to two APs in parallel without the need to implementsophisticated mechanisms that actually simulate this situation. Thus, aSTA can connect with future AP while maintaining a connection throughits serving APs. Being connected to two or more APs simultaneouslyallows greater bandwidth by utilizing two connections instead of one,and the performance of soft-handovers, i.e., the STA stays connectedthrough one AP, while disconnecting from the second AP in the process ofhandover.

Fast Uploading of Digital Camera Pictures

Digital cameras might be equipped with WiFi. The owner of such a camerawould like to upload his pictures from the camera to a server thatstores the pictures on the Internet—the reasons for this may vary frombeing able to share the photos while on vacation with family membersleft at home, back up the pictures from the digital camera to theInternet server, or simply because the memory card on the camera isrunning out of space. A major problem is that to upload the pictures tothe Internet may take a very long time, as pictures consume megabytes tostore.

Solution: The camera sends the photos to a laptop over WiFi (thisconnection is very fast), then disconnects and the camera's user maymove on. Then, the laptop uploads the pictures to the Internet server(this process can take a long time as it involves uploading a lot ofdata), but the laptop owner would not feel it as a burden, since thepictures can be uploaded when his Internet connection is not used forother purposes.

Method for Uploading Data Files

In a system with means for providing a wireless Internet connection toWiFi-enabled devices (STAs), a method for fast uploading of informationfrom STAs to the Internet, comprises:

a. a first STA, such as a laptop computer, connects to the Internet;

b. a second STA, such as a camera, wirelessly connects to the first STA,and uploads the information using the fast and direct-wirelessconnection between the STAs;

c. The first STA temporarily stores the information;

d. The first STA uploads the information to the Internet through itsbackhaul.

** End of method **

Notes

1. In the above method, the first STA may include for example a laptopor a personal computer, the second STA may include a digital camera or adigital video camera, and the information may include digital picturesor digital clips.

2. The second STA preferably disconnects from the first STA aftercompleting to upload the information to the first STA, but before thefirst STA completes the upload of information to the Internet; the firstSTA completes the upload of information from its temporary storage.

3. An additional step in the above method may include the following:

e. at a later time, the second STA connects to the Internet and verifiesthat the information was uploaded correctly.

4. The information may be encrypted by the second STA before beingtransmitted.

It will be recognized that the foregoing is but one example of anapparatus and method within the scope of the present invention and thatvarious modifications will occur to those skilled in the art uponreading the disclosure set forth hereinbefore.

I claim:
 1. A computing device comprising: at least one wireless interface adapted to wirelessly connect the computing device to an IP based network via a first wireless interface using a first interface identifier; a user interface adapted to allow a user of the computing device to interact with destinations over the IP based network, through the first wireless interface, using a first public IP address associated with the computing device; and wherein the computing device is adapted to operate as a second wireless interface and to: wirelessly communicate with other wireless enabled computing devices to provide a given device of the other wireless enabled computing devices with access to the IP based network by serving the given device as the second wireless interface having a second interface identifier, distinct from the first interface identifier, and providing the given device access to the network via the first wireless interface; and forward data traffic from the given device, through the computing device, through the first wireless interface, through the IP network, to a proxy server, such that the proxy server acts as a proxy of the given device and the given device operates on the network using a second public IP address distinct from the first public IP address, with the second public IP address associated with the given device.
 2. The computing device of claim 1 wherein the computing device is further adapted to tunnel data traffic from the given device, through the computing device, through the first wireless interface, through the IP network, to a proxy server, such that the data traffic is secure from the computing device and the first wireless interface.
 3. The computing device of claim 1 wherein the second interface identifier is associated with the proxy server.
 4. The computing device of claim 1 wherein the first wireless interface is included in a cellular telephone network.
 5. The computing device of claim 4 wherein the first wireless interface is a cellular base station.
 6. The computing device of claim 1 wherein the second wireless interface is controlled by a network entity accessed through the first interface.
 7. The computing device of claim 1 wherein the first wireless interface and the second wireless interface use different wireless communication protocols.
 8. The computing device of claim 1 wherein the first wireless interface is included in a terrestrial wireless network.
 9. The computing device of claim 1 wherein the proxy server acts as a proxy of the given device for the given device to interact with destinations over the IP based network and to interface with a third wireless interface using a third interface identifier to facilitate a handover of a wireless connection between the computing device and the IP based network from the first wireless interface to the third wireless interface, wherein the computing device is further adapted to operate as the second wireless interface after a handover to provide the given device with access to the IP based network using the second public IP address by forwarding data traffic from the given device, through the computing device, through the third wireless interface, through the IP network, to the proxy server.
 10. The computing device of claim 1 wherein the second public IP address is shared by the given device with at least one other device of the other wireless enabled computing devices.
 11. The computing device of claim 10 wherein data packets destined for each of the given device and the at least one other device are differentiated using different port numbers.
 12. The computing device of claim 1 wherein the second wireless interface is adapted to restrict the given device from accessing a predetermined set of IP addresses.
 13. A system comprising: a first wireless interface connected to an IP based network, the first wireless interface having a first interface identifier; a proxy server connected to the IP based network and adapted to act as a proxy of at least a subset of computing devices that connect via the first wireless interface; and a first computing device having a user interface, wherein the first computing device is adapted to: wirelessly connect to the IP based network via the first wireless interface; wirelessly communicate with other wireless enabled computing devices; enable a user of the first computing device to interact, through the user interface, with destinations over the IP based network, through the first wireless interface, using a first public IP address associated with the first computing device; provide a second computing device of the other wireless enabled computing devices with access to the IP based network by serving the second computing device as a second wireless interface having a second interface identifier, distinct from the first interface identifier, and providing the second computing device access to the IP based network via the first wireless interface; and forward data traffic from the second computing device, through the first computing device, through the first wireless interface, through the IP network, to the proxy server, wherein the proxy server acts as a proxy of the second computing device and the second computing device operates on the IP based network using a second public IP address distinct from the first public IP address, with the second public IP address associated with the second computing device.
 14. The system of claim 13 wherein the first computing device is further adapted to: provide a third computing device of the other wireless enabled computing devices with access to the IP based network by serving the third computing device as the second wireless interface having the second interface identifier, distinct from the first interface identifier, and providing the third computing device access to the IP based network via the first wireless interface; and forward data traffic from the third computing device, through the first computing device, through the first wireless interface, through the IP network, to the proxy server, wherein the proxy server acts as a proxy of the third computing device and the third computing device operates on the IP based network using a third public IP address distinct from the first public IP address, with the third public IP address associated with the third computing device.
 15. The system of claim 13 wherein the second interface identifier is associated with the proxy server.
 16. The system of claim 13 wherein the proxy server acts as a proxy of the second computing device for the second computing device to interact with destinations over the IP based network and to interface with a third wireless interface using a third interface identifier to facilitate a handover of a wireless connection between the first computing device and the IP based network from the first wireless interface to the third wireless interface, wherein the computing device is further adapted to operate as the second wireless interface after a handover to provide the given device with access to the IP based network using the second public IP address by forwarding data traffic from the given device, through the computing device, through the third wireless interface, through the IP network, to the proxy server.
 17. The system of claim 13 wherein the second computing device connects to the IP based network through a third wireless interface having a third interface identifier, distinct from the first interface identifier and the second interface identifier, concurrently with connecting to the IP based network through the second wireless interface.
 18. The system of claim 13 wherein the first computing device is adapted to prevent data packets destined for the user interface from being accessed by the second computing device.
 19. The system of claim 13 wherein the proxy server allocates the second public IP address for the second computing device and forwards data packets destined for the second public IP address to a current IP address associated with the second computing device, wherein the current IP address is distinct from the first public IP address and the second public IP address.
 20. A method comprising: wirelessly connecting a first computing device to an IP based network via a first wireless interface using a first interface identifier, wherein the first computing device wirelessly communicates with other wireless enabled computing devices; enabling a user of the first computing device to interact, through a user interface of the first computing device, with destinations over the IP based network, through the first wireless interface, using a first public IP address associated with the first computing device; providing a second computing device of the other wireless enabled computing devices with access to the IP based network via the first wireless interface by causing the first computing device to serve the second computing device as a second wireless interface having a second interface identifier, distinct from the first interface identifier, and provide the second computing device access to the IP based network via the first wireless interface; and forwarding data traffic from the second computing device, through the first computing device, through the first wireless interface, through the IP network, to a proxy server, wherein the proxy server acts as a proxy of the second computing device and the second computing device operates on the IP based network using a second public IP address distinct from the first public IP address, with the second public IP address associated with the second computing device. 